chore: remove upstream CI workflows (mirror inertization per internal#233)

.github/workflows/check-dist.yml

@@ -1,53 +0,0 @@
-# `dist/index.js` is a special file in Actions.
-# When you reference an action with `uses:` in a workflow,
-# `index.js` is the code that will run.
-# For our project, we generate this file through a build process
-# from other source files.
-# We need to make sure the checked-in `index.js` actually matches what we expect it to be.
-name: Check dist/
-
-on:
-  push:
-    branches:
-      - main
-    paths-ignore:
-      - '**.md'
-  pull_request:
-    paths-ignore:
-      - '**.md'
-  workflow_dispatch:
-
-jobs:
-  check-dist:
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Setup Node 24
-        uses: actions/setup-node@v4
-        with:
-          node-version: 24.x
-          cache: 'npm'
-
-      - name: Install dependencies
-        run: npm ci
-
-      - name: Rebuild the dist/ directory
-        run: npm run release
-
-      - name: Compare the expected and actual dist/ directories
-        run: |
-          if [ "$(git diff --ignore-space-at-eol dist/ | wc -l)" -gt "0" ]; then
-            echo "Detected uncommitted changes after build.  See status below:"
-            git diff
-            exit 1
-          fi
-        id: diff
-
-      # If index.js was different than expected, upload the expected version as an artifact
-      - uses: actions/upload-artifact@v4
-        if: ${{ failure() && steps.diff.conclusion == 'failure' }}
-        with:
-          name: dist
-          path: dist/

.github/workflows/codeql-analysis.yml

@@ -1,46 +0,0 @@
-name: "Code scanning - action"
-
-on:
-  push:
-    branches-ignore: "dependabot/**"
-  pull_request:
-    paths-ignore:
-      - '**.md'
-  schedule:
-    - cron: '0 6 * * 3'
-
-jobs:
-  CodeQL-Build:
-
-    # CodeQL runs on ubuntu-latest and windows-latest
-    runs-on: ubuntu-latest
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v4
-
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
-      # Override language selection by uncommenting this and choosing your languages
-      # with:
-      #   languages: go, javascript, csharp, python, cpp, java
-
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v3
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
-
-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
-
-    #- run: |
-    #   make bootstrap
-    #   make release
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3

.github/workflows/licensed.yml

@@ -1,24 +0,0 @@
-name: Licensed
-
-on:
-  push:
-    branches:
-      - main
-  pull_request:
-    branches:
-      - main
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    name: Check licenses
-    steps:
-      - uses: actions/checkout@v4
-      - run: npm ci
-      - name: Install licensed
-        run: |
-          cd $RUNNER_TEMP
-          curl -Lfs -o licensed.tar.gz https://github.com/github/licensed/releases/download/2.12.2/licensed-2.12.2-linux-x64.tar.gz
-          sudo tar -xzf licensed.tar.gz
-          sudo mv licensed /usr/local/bin/licensed
-      - run: licensed status

.github/workflows/publish-immutable-actions.yml

@@ -1,20 +0,0 @@
-name: 'Publish Immutable Action Version'
-
-on:
-  release:
-    types: [published]
-
-jobs:
-  publish:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      id-token: write
-      packages: write
-
-    steps:
-      - name: Checking out
-        uses: actions/checkout@v4
-      - name: Publish
-        id: publish
-        uses: actions/publish-immutable-action@0.0.3

.github/workflows/release-new-action-version.yml

@@ -1,28 +0,0 @@
-name: Release new action version
-on:
-  release:
-    types: [released]
-  workflow_dispatch:
-    inputs:
-      TAG_NAME:
-        description: 'Tag name that the major tag will point to'
-        required: true
-
-env:
-  TAG_NAME: ${{ github.event.inputs.TAG_NAME || github.event.release.tag_name }}
-permissions:
-  contents: write
-
-jobs:
-  update_tag:
-    name: Update the major tag to include the ${{ github.event.inputs.TAG_NAME || github.event.release.tag_name }} changes
-    environment:
-      name: releaseNewActionVersion
-    runs-on: ubuntu-latest
-    steps:
-    - name: Update the ${{ env.TAG_NAME }} tag
-      id: update-major-tag
-      uses: actions/publish-action@v0.3.0
-      with:
-        source-tag: ${{ env.TAG_NAME }}
-        slack-webhook: ${{ secrets.SLACK_WEBHOOK }}

.github/workflows/test-proxy.yml

@@ -1,114 +0,0 @@
-name: Test Proxy
-
-on:
-  push:
-    branches:
-      - main
-    paths-ignore:
-      - '**.md'
-  pull_request:
-    paths-ignore:
-      - '**.md'
-
-permissions:
-  contents: read
-
-jobs:
-  # End to end upload with proxy
-  test-proxy-upload:
-    runs-on: ubuntu-latest
-    container:
-      image: ubuntu:latest
-      options: --cap-add=NET_ADMIN
-    services:
-      squid-proxy:
-        image: ubuntu/squid:latest
-        ports:
-          - 3128:3128
-    env:
-      http_proxy: http://squid-proxy:3128
-      https_proxy: http://squid-proxy:3128
-    steps:
-    - name: Wait for proxy to be ready
-      shell: bash
-      run: |
-        echo "Waiting for squid proxy to be ready..."
-        echo "Resolving squid-proxy hostname:"
-        getent hosts squid-proxy || echo "DNS resolution failed"
-        for i in $(seq 1 30); do
-          if (echo > /dev/tcp/squid-proxy/3128) 2>/dev/null; then
-            echo "Proxy is ready!"
-            exit 0
-          fi
-          echo "Attempt $i: Proxy not ready, waiting..."
-          sleep 2
-        done
-        echo "Proxy failed to become ready"
-        exit 1
-      env:
-        http_proxy: ""
-        https_proxy: ""
-    - name: Install dependencies
-      run: |
-        apt-get update
-        apt-get install -y iptables curl
-    - name: Verify proxy is working
-      run: |
-        echo "Testing proxy connectivity..."
-        curl -s -o /dev/null -w "%{http_code}" --proxy http://squid-proxy:3128 http://github.com || true
-        echo "Proxy verification complete"
-    - name: Block direct traffic (enforce proxy usage)
-      run: |
-        # Get the squid-proxy container IP
-        PROXY_IP=$(getent hosts squid-proxy | awk '{ print $1 }')
-        echo "Proxy IP: $PROXY_IP"
-        
-        # Allow loopback traffic
-        iptables -A OUTPUT -o lo -j ACCEPT
-        
-        # Allow traffic to the proxy container
-        iptables -A OUTPUT -d $PROXY_IP -j ACCEPT
-        
-        # Allow established connections
-        iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-        
-        # Allow DNS (needed for initial resolution)
-        iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
-        iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
-        
-        # Block all other outbound traffic (HTTP/HTTPS)
-        iptables -A OUTPUT -p tcp --dport 80 -j REJECT
-        iptables -A OUTPUT -p tcp --dport 443 -j REJECT
-        
-        # Log the iptables rules for debugging
-        iptables -L -v -n
-    - name: Verify direct HTTPS is blocked
-      run: |
-        echo "Testing that direct HTTPS requests fail..."
-        if curl --noproxy '*' -s --connect-timeout 5 https://github.com > /dev/null 2>&1; then
-          echo "ERROR: Direct HTTPS request succeeded - blocking is not working!"
-          exit 1
-        else
-          echo "SUCCESS: Direct HTTPS request was blocked as expected"
-        fi
-        
-        echo "Testing that HTTPS through proxy succeeds..."
-        if curl --proxy http://squid-proxy:3128 -s --connect-timeout 10 https://github.com > /dev/null 2>&1; then
-          echo "SUCCESS: HTTPS request through proxy succeeded"
-        else
-          echo "ERROR: HTTPS request through proxy failed!"
-          exit 1
-        fi
-    - name: Checkout
-      uses: actions/checkout@v4
-    - name: Create artifact file
-      run: |
-        mkdir -p test-artifacts
-        echo "Proxy test artifact - $GITHUB_RUN_ID" > test-artifacts/proxy-test.txt
-        echo "Random data: $RANDOM $RANDOM $RANDOM" >> test-artifacts/proxy-test.txt
-        cat test-artifacts/proxy-test.txt
-    - name: Upload artifact through proxy
-      uses: ./
-      with:
-        name: 'Proxy-Test-Artifact-${{ github.run_id }}'
-        path: test-artifacts/proxy-test.txt

.github/workflows/test.yml

@@ -1,428 +0,0 @@
-name: Test
-
-on:
-  push:
-    branches:
-      - main
-    paths-ignore:
-      - '**.md'
-  pull_request:
-    paths-ignore:
-      - '**.md'
-
-permissions:
-  contents: read
-  actions: write
-
-jobs:
-  build:
-    name: Build
-
-    strategy:
-      matrix:
-        runs-on: [ubuntu-latest, macos-latest, windows-latest]
-      fail-fast: false
-
-    runs-on: ${{ matrix.runs-on }}
-
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v4
-
-    - name: Setup Node 24
-      uses: actions/setup-node@v4
-      with:
-        node-version: 24.x
-        cache: 'npm'
-
-    - name: Install dependencies
-      run: npm ci
-
-    - name: Compile
-      run: npm run build
-
-    - name: Lint
-      run: npm run lint
-
-    - name: Format
-      run: npm run format-check
-
-    - name: Test
-      run: npm run test
-
-    # Test end-to-end by uploading a few artifacts and then downloading them
-    - name: Create artifact files
-      run: |
-        mkdir -p path/to/dir-1
-        mkdir -p path/to/dir-2
-        mkdir -p path/to/dir-3
-        mkdir -p symlink/
-        echo "Lorem ipsum dolor sit amet" > path/to/dir-1/file1.txt
-        echo "Hello world from file #2" > path/to/dir-2/file2.txt
-        echo "Hello from a symlinked file" > symlink/original.txt
-        ln -s $(pwd)/symlink/original.txt symlink/abs.txt
-        ln -s original.txt symlink/rel.txt
-      shell: bash
-
-    # Upload a single file artifact
-    - name: 'Upload artifact #1'
-      uses: ./
-      with:
-        name: 'Artifact-A-${{ matrix.runs-on }}'
-        path: path/to/dir-1/file1.txt
-
-    # Upload using a wildcard pattern
-    - name: 'Upload artifact #2'
-      uses: ./
-      with:
-        name: 'Artifact-Wildcard-${{ matrix.runs-on }}'
-        path: path/**/dir*/
-
-    # Upload a multi-path artifact
-    - name: 'Upload artifact #3'
-      uses: ./
-      with:
-        name: 'Multi-Path-Artifact-${{ matrix.runs-on }}'
-        path: |
-          path/to/dir-1/*
-          path/to/dir-[23]/*
-          !path/to/dir-3/*.txt
-
-    - name: 'Upload symlinked artifact'
-      uses: ./
-      with:
-        name: 'Symlinked-Artifact-${{ matrix.runs-on }}'
-        path: |
-          symlink/abs.txt
-          symlink/rel.txt
-
-    # Download Artifact #1 and verify the correctness of the content
-    - name: 'Download artifact #1'
-      uses: actions/download-artifact@main
-      with:
-        name: 'Artifact-A-${{ matrix.runs-on }}'
-        path: some/new/path
-
-    - name: 'Verify Artifact #1'
-      run: |
-        $file = "some/new/path/file1.txt"
-        if(!(Test-Path -path $file))
-        {
-            Write-Error "Expected file does not exist"
-        }
-        if(!((Get-Content $file) -ceq "Lorem ipsum dolor sit amet"))
-        {
-            Write-Error "File contents of downloaded artifact are incorrect"
-        }
-      shell: pwsh
-
-    # Download Artifact #2 and verify the correctness of the content
-    - name: 'Download artifact #2'
-      uses: actions/download-artifact@main
-      with:
-        name: 'Artifact-Wildcard-${{ matrix.runs-on }}'
-        path: some/other/path
-
-    - name: 'Verify Artifact #2'
-      run: |
-        $file1 = "some/other/path/to/dir-1/file1.txt"
-        $file2 = "some/other/path/to/dir-2/file2.txt"
-        if(!(Test-Path -path $file1) -or !(Test-Path -path $file2))
-        {
-            Write-Error "Expected files do not exist"
-        }
-        if(!((Get-Content $file1) -ceq "Lorem ipsum dolor sit amet") -or !((Get-Content $file2) -ceq "Hello world from file #2"))
-        {
-            Write-Error "File contents of downloaded artifacts are incorrect"
-        }
-      shell: pwsh
-
-    # Download Artifact #4 and verify the correctness of the content
-    - name: 'Download artifact #4'
-      uses: actions/download-artifact@main
-      with:
-        name: 'Multi-Path-Artifact-${{ matrix.runs-on }}'
-        path: multi/artifact
-
-    - name: 'Verify Artifact #4'
-      run: |
-        $file1 = "multi/artifact/dir-1/file1.txt"
-        $file2 = "multi/artifact/dir-2/file2.txt"
-        if(!(Test-Path -path $file1) -or !(Test-Path -path $file2))
-        {
-            Write-Error "Expected files do not exist"
-        }
-        if(!((Get-Content $file1) -ceq "Lorem ipsum dolor sit amet") -or !((Get-Content $file2) -ceq "Hello world from file #2"))
-        {
-            Write-Error "File contents of downloaded artifacts are incorrect"
-        }
-      shell: pwsh
-
-    - name: 'Download symlinked artifact'
-      uses: actions/download-artifact@main
-      with:
-        name: 'Symlinked-Artifact-${{ matrix.runs-on }}'
-        path: from/symlink
-
-    - name: 'Verify symlinked artifact'
-      run: |
-        $abs = "from/symlink/abs.txt"
-        if(!(Test-Path -path $abs))
-        {
-            Write-Error "Expected file does not exist"
-        }
-        if(!((Get-Content $abs) -ceq "Hello from a symlinked file"))
-        {
-            Write-Error "File contents of downloaded artifact are incorrect"
-        }
-        $rel = "from/symlink/rel.txt"
-        if(!(Test-Path -path $rel))
-        {
-            Write-Error "Expected file does not exist"
-        }
-        if(!((Get-Content $rel) -ceq "Hello from a symlinked file"))
-        {
-            Write-Error "File contents of downloaded artifact are incorrect"
-        }
-      shell: pwsh
-
-    - name: 'Alter file 1 content'
-      run: |
-        echo "This file has changed" > path/to/dir-1/file1.txt
-
-    # Replace the contents of Artifact #1
-    - name: 'Overwrite artifact #1'
-      uses: ./
-      with:
-        name: 'Artifact-A-${{ matrix.runs-on }}'
-        path: path/to/dir-1/file1.txt
-        overwrite: true
-
-    # Download replaced Artifact #1 and verify the correctness of the content
-    - name: 'Download artifact #1 again'
-      uses: actions/download-artifact@main
-      with:
-        name: 'Artifact-A-${{ matrix.runs-on }}'
-        path: overwrite/some/new/path
-
-    - name: 'Verify Artifact #1 again'
-      run: |
-        $file = "overwrite/some/new/path/file1.txt"
-        if(!(Test-Path -path $file))
-        {
-            Write-Error "Expected file does not exist"
-        }
-        if(!((Get-Content $file) -ceq "This file has changed"))
-        {
-            Write-Error "File contents of downloaded artifact are incorrect"
-        }
-      shell: pwsh
-
-    # Upload a single file without archiving (direct file upload)
-    - name: 'Create direct upload file'
-      run: echo -n 'direct file upload content' > direct-upload-${{ matrix.runs-on }}.txt
-      shell: bash
-
-    - name: 'Upload direct file artifact'
-      uses: ./
-      with:
-        name: 'Direct-File-${{ matrix.runs-on }}'
-        path: direct-upload-${{ matrix.runs-on }}.txt
-        archive: false
-
-    - name: 'Download direct file artifact'
-      uses: actions/download-artifact@main
-      with:
-        name: direct-upload-${{ matrix.runs-on }}.txt
-        path: direct-download
-
-    - name: 'Verify direct file artifact'
-      run: |
-        $file = "direct-download/direct-upload-${{ matrix.runs-on }}.txt"
-        if(!(Test-Path -path $file))
-        {
-            Write-Error "Expected file does not exist"
-        }
-        if(!((Get-Content $file -Raw).TrimEnd() -ceq "direct file upload content"))
-        {
-            Write-Error "File contents of downloaded artifact are incorrect"
-        }
-      shell: pwsh
-
-  upload-html-report:
-    name: Upload HTML Report
-    runs-on: ubuntu-latest
-
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v4
-
-    - name: Setup Node 24
-      uses: actions/setup-node@v4
-      with:
-        node-version: 24.x
-        cache: 'npm'
-
-    - name: Install dependencies
-      run: npm ci
-
-    - name: Compile
-      run: npm run build
-
-    - name: Create HTML report
-      run: |
-        cat > report.html << 'EOF'
-        <!DOCTYPE html>
-        <html lang="en">
-        <head>
-          <meta charset="UTF-8">
-          <meta name="viewport" content="width=device-width, initial-scale=1.0">
-          <title>Artifact Upload Test Report</title>
-          <style>
-            body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Helvetica, Arial, sans-serif; max-width: 800px; margin: 40px auto; padding: 0 20px; color: #24292f; }
-            h1 { border-bottom: 1px solid #d0d7de; padding-bottom: 8px; }
-            .success { color: #1a7f37; }
-            .info { background: #ddf4ff; border: 1px solid #54aeff; border-radius: 6px; padding: 12px 16px; margin: 16px 0; }
-            table { border-collapse: collapse; width: 100%; margin: 16px 0; }
-            th, td { border: 1px solid #d0d7de; padding: 8px 12px; text-align: left; }
-            th { background: #f6f8fa; }
-          </style>
-        </head>
-        <body>
-          <h1>Artifact Upload Test Report</h1>
-          <div class="info">
-            <strong>This HTML file was uploaded as a single un-zipped artifact.</strong>
-            If you can see this in the browser, the feature is working correctly!
-          </div>
-          <table>
-            <tr><th>Property</th><th>Value</th></tr>
-            <tr><td>Upload method</td><td><code>archive: false</code></td></tr>
-            <tr><td>Content-Type</td><td><code>text/html</code></td></tr>
-            <tr><td>File</td><td><code>report.html</code></td></tr>
-          </table>
-          <p class="success">&#10004; Single file upload is working!</p>
-        </body>
-        </html>
-        EOF
-
-    - name: Upload HTML report (no archive)
-      uses: ./
-      with:
-        name: 'test-report'
-        path: report.html
-        archive: false
-
-  merge:
-    name: Merge
-    needs: build
-    runs-on: ubuntu-latest
-
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v4
-
-    # Merge all artifacts from previous jobs
-    - name: Merge all artifacts in run
-      uses: ./merge/
-      with:
-        # our matrix produces artifacts with the same file, this prevents "stomping" on each other, also makes it
-        # easier to identify each of the merged artifacts
-        separate-directories: true
-    - name: 'Download merged artifacts'
-      uses: actions/download-artifact@main
-      with:
-        name: merged-artifacts
-        path: all-merged-artifacts
-    - name: 'Check merged artifact has directories for each artifact'
-      run: |
-        $artifacts = @(
-          "Artifact-A-ubuntu-latest",
-          "Artifact-A-macos-latest",
-          "Artifact-A-windows-latest",
-          "Artifact-Wildcard-ubuntu-latest",
-          "Artifact-Wildcard-macos-latest",
-          "Artifact-Wildcard-windows-latest",
-          "Multi-Path-Artifact-ubuntu-latest",
-          "Multi-Path-Artifact-macos-latest",
-          "Multi-Path-Artifact-windows-latest"
-        )
-
-        foreach ($artifact in $artifacts) {
-          $path = "all-merged-artifacts/$artifact"
-          if (!(Test-Path $path)) {
-            Write-Error "$path does not exist."
-          }
-        }
-      shell: pwsh
-
-    # Merge Artifact-A-* from previous jobs
-    - name: Merge all Artifact-A
-      uses: ./merge/
-      with:
-        name: Merged-Artifact-As
-        pattern: 'Artifact-A-*'
-        separate-directories: true
-
-    # Download merged artifacts and verify the correctness of the content
-    - name: 'Download merged artifacts'
-      uses: actions/download-artifact@main
-      with:
-        name: Merged-Artifact-As
-        path: merged-artifact-a
-
-    - name: 'Verify merged artifacts'
-      run: |
-        $files = @(
-          "merged-artifact-a/Artifact-A-ubuntu-latest/file1.txt",
-          "merged-artifact-a/Artifact-A-macos-latest/file1.txt",
-          "merged-artifact-a/Artifact-A-windows-latest/file1.txt"
-        )
-
-        foreach ($file in $files) {
-          if (!(Test-Path $file)) {
-            Write-Error "$file does not exist."
-          }
-
-          if (!((Get-Content $file) -ceq "This file has changed")) {
-            Write-Error "$file has incorrect content."
-          }
-        }
-      shell: pwsh
-
-  cleanup:
-    name: Cleanup Artifacts
-    needs: [build, merge]
-    runs-on: ubuntu-latest
-
-    steps:
-    - name: Delete test artifacts
-      uses: actions/github-script@v8
-      with:
-        script: |
-          const keep = ['report.html'];
-          const owner = context.repo.owner;
-          const repo = context.repo.repo;
-          const runId = context.runId;
-
-          const {data: {artifacts}} = await github.rest.actions.listWorkflowRunArtifacts({
-            owner,
-            repo,
-            run_id: runId
-          });
-
-          for (const a of artifacts) {
-            if (keep.includes(a.name)) {
-              console.log(`Keeping artifact '${a.name}'`);
-              continue;
-            }
-            try {
-              await github.rest.actions.deleteArtifact({
-                owner,
-                repo,
-                artifact_id: a.id
-              });
-              console.log(`Deleted artifact '${a.name}'`);
-            } catch (err) {
-              console.log(`Could not delete artifact '${a.name}': ${err.message}`);
-            }
-          }